CVE-2008-4402

Published: Oct 3, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.

Affected (2)

Products: Trend Micro: Officescan

Trend Micro

1 product

Officescan

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trend Micro Officescan	Version 8.0 sp1
Trend Micro Officescan	Version 8.0 sp1_patch1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://secunia.com/advisories/32097

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/31531

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1020974

Source: cve@mitre.org

http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

Source: cve@mitre.org

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2712

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45608

Source: cve@mitre.org

http://secunia.com/advisories/32097